LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] openssh vulnerability

[ILUG] openssh vulnerability

Paul Jakma paulj at alphyra.ie
Tue Jun 25 13:35:15 IST 2002 

On Tue, 25 Jun 2002, Anders Holm wrote:

> > oh, i do so like to be condescended to.
> 
> same here. like I've already said, I've now done my share of
> flaming. I started replying to this thread, since I thought people
> had got the warning wrong. So, apparently I must have made a
> misstake along the way.

or different people come away with different impressions from Theo's 
warning.

incidentally, my original reply to kevin: the 2 of us had already 
spent a while on IRC debating the warning before either of us posted 
to ilug.

> Best of luck to you all with your SSH'ing. I've already tried giving
> suggestions. Now I'm backing out, since I'm not really interested in
> this loevely flame war than any one else. Initially I just tried
> squaring out what I tokk as misconceptions.

and we're squaring out yours. :)

> I do agree that there could have been better information released,
> and also a proper patch. Still, like stated previously, if being
> warned is too much of a problem, stop checking securityfocus and the
> likes, just get the updated package when it finally gets released.

i think the main thrust of those are miffed is that rather than:

- warn vendors they need to get privsep out
- warn everyone to get privsep out, publish of vulnerability imminent
- tell vendors exact details
<wait a week>
- release exact details

he's said he's done and is going to do:

- warn vendors they need to get privsep out
- warn everyone to get privsep out, vuln. imminent
<wait a week>
- release exact details

is that not a fair summary?

and when you look into Theo's background, one's suspicion that Theo's
not going to tell the vendors about the exact problem before the 
public is perhaps in some way a petty retaliation for the vendors not 
being too pushed about getting privsep out fast is not completely 
alleviated.

but that's just me.

> mailing list to try and help others, and get help when needed. At this point
> it all feels very ridiculous and immature to stay on here since most of it
> seems just to be about more things than Linux.

well, try find a non-moderated or non-dead list without flame-wars
every now and then.

> to sound condescending either. To me it just seemed like some people
> were getting overly annoyed and irritated. In any case....
> 
> Have a nice one and good bye. It's been nice being on the list for
> this time, but I'm now giving up, mainly due to signal 2 noise
> ratios, but also for this lovely chat....

's up to you.

> //Anders//

--paulj

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell